The Obama administration pursued a Bush-era US-Israeli cyber-offensive aimed at setting back Iran’s nuclear program, David Sanger reports in the New York Times Friday.
Code-named “Olympic Games,” and initiated in 2006, the cyber-operation targeted the computer systems that run the centrifuges at Iran’s Natanz uranium enrichment facility.
But the operation, undertaken by the U.S. National Security Agency and its Israeli counterpart, went through various phases and updates, and in 2010, there was a big glitch: the Stuxnet worm spread beyond its intended target of Natanz to other facilities, and soon caught the attention of computer security experts around the world. And as Sanger reports, when US intelligence officials had to brief Obama about the alarming development, naturally, they initially blamed their Israeli partners for modifying the program without telling them:
At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.
“Should we shut this thing down?” Mr. Obama asked […]
In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden. […]
An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”
Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”
But ultimately, “it is unclear who introduced the programming error,” Sanger concludes.
How did the Stuxnet virus get on the Natanz system in the first place? Initially, via a thumb drive, Sanger reports:
Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”
In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.
(Photo: An Iranian soldier stands guard inside the Natanz uranium enrichment facility, 322km [200 miles] south of Iran’s capital Tehran March 9, 2006:REUTERS/Raheb Homavandi.)